Client JS Library

MIRACL Trust provides a JavaScript library that lets you implement custom verification flows that best suit your use case - MIRACL Trust Client JS Library .

As a preliminary step, you need to configure the verification .

To register the device, your web application must consume the Verification URL obtained by the verification request. This URL can then be directly returned to the application where the verification process is completed.

When the end user’s User ID is verified, you must request the Verification URL to be sent from the platform. The Verification URL is generated by making an authenticated POST request to <https://<PROJECT_DOMAIN>/verification>.

curl \
    --request POST \
    --user "${CLIENT_ID}:${CLIENT_SECRET}" \
    --data '{
        "projectId": "'"${PROJECT_ID}"'",
        "userId": "'"${USER_ID}"'",
        "deviceName": "'"${DEVICE_NAME}"'",
        "expiration": "'"${EXPIRATION}"'",
        "delivery": "no"
    }' \
    https://${PROJECT_DOMAIN}/verification

With the following response:

{
  "verificationURL": "https://<PROJECT_DOMAIN>/verification/confirmation?user_id=<USER_ID>&code=<CODE>"
}

All values are redacted.

See MIRACL Trust Backend API for more details.

The end user must follow the URL from the response to enrol a new device.

Another option is to send the URL to the end user via any appropriate secure channel (email, SMS, etc.).

Use the received Verification URL and the getActivationToken method of the library to get an activation token and register the browser:

mcl.getActivationToken(
  "https://yourdomain.com/verification/confirmation?user_id=alice@miracl.com&code=theVerificationCode",
  function callback(err, result) {
    if (err) {
      // Handle any potential errors
    }

    console.log(result.actToken);
  },
);

To finish the registration , call the register method using the received activation token (actToken):

mcl.register(
  userId,
  actToken,
  function (passPin) {
    // Here you need to prompt the user for their PIN
    // and then call the passPin argument with the value
    passPin(pin);
  },
  function callback(err) {
    if (err) {
      // Handle any potential errors
    }
  },
);

If the registration is successful, the enrolment process is completed. End users can now authenticate using the PIN chosen for the device. They can go through the verification process for each device they want to use for authentication or use QuickCode , if enabled, to enrol additional devices using the already enrolled one.

sequenceDiagram actor User Agent participant RPA as Relying Party Application participant MIRACL Trust RPA->>MIRACL Trust: POST /verification MIRACL Trust-->>RPA: Verification URL RPA-->>User Agent: Pass Verification URL User Agent->>MIRACL Trust: getActivationToken MIRACL Trust-->>User Agent: Activation Token User Agent->>MIRACL Trust: register(userId, actToken) MIRACL Trust-->>User Agent: Registration data User Agent->>User Agent: Prompt for PIN
End user enters PIN User Agent-->>User Agent: Registration completes

Relying Party Application is your application’s back end.